"Until now, many banks believed that they only needed to protect their business banking users since this is where the big losses were occurring. While this is still true, if banks protect their business users better than their retail users, the attacks will just shift to the retail side," he says. "We have witnessed this in the UK market. Instead of stealing $100,000 from a single customer, fraudsters will steal $10,000 from ten customers. U.S. banks are starting to realize that this is a global problem, and that they need to protect all their customers equally."
Meanwhile, cybercriminals don't typically target a specific SMB up front: as in many attacks, they first cast a wide net with malicious spam, phishing emails, or drive-by attacks, typically laden with Zeus, and see what they've reeled in, experts say. Then they can narrow down their attacks to a focused group. "Then they choose which ones to prey on, their targets of interest," Jevans says.
The good news is there are plenty of fraud-detection tools banks can deploy to protect their customers. Even so, banks need a little incentive to invest in these solutions. "Banks are not obligated to refund business account customers in these cases -- just consumer accounts," Gartner's Litan says. "So it will literally take an act of Congress or some tough banking regulations to change the game here. And that's exactly what's needed in light of these increasing losses which couldn’t come at a worse time for small businesses trying to recover from the recession and help lead this country into economic growth and recovery."